<html> <head> <title>Building a Login Form </title> </head> Building a Login Form <?php //if form not yet submitted //display form if (!isset($_POST['submit'])) { ?> <form method="post" action="login.php"> Username: Password: </form> <?php //if form submitted //check supplied login credentials //against database } else { $username = $_POST['username']; $password = $_POST['password']; //check input if (empty($username)) { die ('ERROR: Please enter your username'); } if ('ERROR: please enter your password'); } // attempt database connection try { $pdo = new PDO('mysql: dbname=users;host=localhost','yeo', 'yes'); } catch (PDOException $e) { die ("ERROR: Could not connect: " . $e->getMessage()); } //escape special characters in input $username = $pdo->quote($username); //check if username exists $sql "SELECT COUNT(*) FROM users where username $username"; if ($result = $pdo->query($sql)) { $row = $result->fetch(); //if yes, fetch the encrypted password if ($row[0] ==1) { $sql "SELECT password FROM users WHERE username $username"; //encrypt the passord entered into the form //test it against the encrypted password stored in the database //if the two match, the password is correct if ($result = $pdo->query($sql)) { $row = $result ->fetch(); $salt = $row[0]; if (crypt($password, $salt) == $salt) { echo 'Your login credentials were successfully.'; } else { echo 'You entered an incorrect password.'; } } else { echo "ERROR: Could not execute $sql. " . print_r ($pdo->errorInfo()); } //close connection unset($pdo); } } ?> </html>
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question